Ashley Madison disclosure shows paper-thin privacy

Glenn Fleishman | Aug. 21, 2015
The membership data for a site that advertised itself as catering to cheating married people has been disclosed, shredding some last vestige of online confidentiality.

Registering for Ashley Madison and Established Men, sites that market themselves, respectively, as for married cheaters and sugar daddies, may not indicate a breach of trust between the person setting up an account and anyone else in his or her life, marketing hype aside.

In America and many countries, relationships, married and otherwise, aren’t subject to government oversight anymore, and social opprobrium becomes difficult in an age of seeming total transparency, in which people become increasingly aware of the glass houses they live in and throw stones from.

Where the breach in trust absolutely, provably occurred is where the company operating these sites failed to engage in proper security to ensure the privacy and integrity of its members. Further, while Ashley Madison promised permanent deletion of user data for $19, it appears clear that it did not delete it, which is the contention of whoever extracted the data a month ago and has now released it.

Hold the moral pickle

A tut-tutting occurs whenever naked photos of celebrities are grabbed from private accounts and posted. Surely, they shouldn’t take such pictures; they should know better; the Internet is untrustworthy; and, ultimately, “it’s their fault for taking them.” This is akin to being told that being robbed in a “bad” neighborhood is your fault for carrying money and being there. The fault lies with the criminals.

Apple received more appropriate opprobrium when Jennifer Lawrence’s and others’ photos were apparently retrieved via their iCloud accounts a year ago, ostensibly through a combination of background research, social engineering, and a lack of iCloud password-attempt limitations.

The company has ratcheted up its efforts. In the year since that hack, following previous ones, it enabled more extensive use of two-step verification, and has built native support for extensive and simplified use of two-factor authentication into the upcoming iOS 9 and El Capitan (OS X 10.11) releases.

However, login protection doesn’t keep ne’er-do-wells from snarfing private databases. That’s a separate responsibility—and we’ve seen hundreds of thefts in which details were stolen and often sold or released, affecting many tens of millions of people in America alone.

What can we trust that’s stored online, even if we don’t deserve the blame for the thefts? That’s the real question, and it relates to how firms need access to your data.

While a two-factor-protected iCloud account could still suffer from extraction if someone finds a way to break through Apple’s defenses to siphon up data that includes yours, it’s arguable that the current system allows a very high degree of relative safety for your photos, contacts, and other information. It’ll be better when the more stringent native implementation rolls out in a few weeks. Google has offered two-factor authentication for years, and, used properly, it should be comparably secure.

 
